Security Risk Analysis
A Security Risk Analysis is an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic patient health information (ePHI). The HIPAA Security Rule requires all covered entities to conduct a Security Risk Analysis and states the Risk Analysis should be an ongoing process. Once you have completed the Risk Analysis, you must take any additional “reasonable and appropriate” steps to reduce identified risks to reasonable and appropriate levels. (45 CFR 164.308(a)(1)(ii)).
HIPAA Security Rule
The HIPAA Security Rule establishes national standards to protect individuals’ health information that is created, received, used, or maintained in electronic form by a covered entity (also known as ePHI). The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164.
Contact the Kentucky REC today for more information on how we can help with your security risk analysis.
A covered entity is one of the following:
|A Health Care Provider||A Health Plan||A Health Care Clearinghouse|
|This includes providers such as:||This includes:||This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.|
Covered Entity Guidance Tool
Protecting patients’ ePHI is as important as protecting their paper PHI. An SRA helps to identify vulnerabilities and threats surrounding your EHR and other IT systems containing and transmitting ePHI. Once identified, you will need to mitigate the vulnerabilities to reasonable level.
Please note all providers who are covered entities under HIPAA are required to perform a Security Risk Analysis.
Why Do I Need an SRA?
KENTUCKY REC HIPAA NEWS
Healthcare organizations are a prime target of cybercrime, which is on the rise. This fact alone makes performing a HIPAA security risk analysis and following mitigation steps an imperative part of regular medical practice operations, beyond just complying with...
Software is the underlying set of instructions that runs computers and other electronic devices. Most software that we use contains “bugs” – mistakes in the software code that negatively affects how the software works. Some of these bugs may introduce security...
Join us in Pikeville or Louisville as we take an in depth look at the Medicare Access and CHIP Reauthorization Act (MACRA) legislation and the Quality Payment Program! This event will explore MACRA Year 2, Care Transitions Quality Measure, the Cost Category of MIPS,...